WORM_SPYBOT.IO

G

Guest

Please HELP

I need info on this worm. How do I remove this from my computer ????
I can't find "c:/system volume information"
I did find something in the registry


I did a scan !!!!!!!!
===============
Results:

Found virus
In File: C:\SYSTEM VOLUME
INFORMATION\_RESTORE593172EE-14D9-4262-8426-24BF2115D284\RP90\A0008387.EXE
Name: WORM_SPYBOT.IO
Requested action: Remove virus.
Results: Removal attempt failed. File still infected. See recommendation
below.
 
C

Carey Frisch [MVP]

To remove that virus file, you'll have to turn-off System Restore,
reboot, then turn it back on. One cannot delete an individual restore
point.

How to turn on and turn off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

---------------------------------------------------------------------------------

:

| Please HELP
|
| I need info on this worm. How do I remove this from my computer ????
| I can't find "c:/system volume information"
| I did find something in the registry
|
|
| I did a scan !!!!!!!!
| ===============
| Results:
|
| Found virus
| In File: C:\SYSTEM VOLUME
| INFORMATION\_RESTORE593172EE-14D9-4262-8426-24BF2115D284\RP90\A0008387.EXE
| Name: WORM_SPYBOT.IO
| Requested action: Remove virus.
| Results: Removal attempt failed. File still infected. See recommendation
| below.
 
D

David H. Lipman

1) Download the following three items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt246.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your
platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *

Dave





| Please HELP
|
| I need info on this worm. How do I remove this from my computer ????
| I can't find "c:/system volume information"
| I did find something in the registry
|
|
| I did a scan !!!!!!!!
| ===============
| Results:
|
| Found virus
| In File: C:\SYSTEM VOLUME
| INFORMATION\_RESTORE593172EE-14D9-4262-8426-24BF2115D284\RP90\A0008387.EXE
| Name: WORM_SPYBOT.IO
| Requested action: Remove virus.
| Results: Removal attempt failed. File still infected. See recommendation
| below.
|
 
G

Guest

Thankyou, Dave and Carey

Dear Dave
I just ran House call, the scan should my comp.
is clean.
Q: when I use house call does it really scan
it all.
Leah
thankyou,
 
D

David H. Lipman

Yes. The instructions indicated to disable System Restore, scan, the re-enable system
Restore.

The System Restore cache is held in the folder...
C:\SYSTEM VOLUME INFORMATION\_RESTORE

So the cache was emptied and no further remnants were found. That is a good thing :)

Dave




| Thankyou, Dave and Carey
|
| Dear Dave
| I just ran House call, the scan should my comp.
| is clean.
| Q: when I use house call does it really scan
| it all.
| Leah
| thankyou,
|
|
| "Star -- Leah" wrote:
|
| > Please HELP
| >
| > I need info on this worm. How do I remove this from my computer ????
| > I can't find "c:/system volume information"
| > I did find something in the registry
| >
| >
| > I did a scan !!!!!!!!
| > ===============
| > Results:
| >
| > Found virus
| > In File: C:\SYSTEM VOLUME
| > INFORMATION\_RESTORE593172EE-14D9-4262-8426-24BF2115D284\RP90\A0008387.EXE
| > Name: WORM_SPYBOT.IO
| > Requested action: Remove virus.
| > Results: Removal attempt failed. File still infected. See recommendation
| > below.
| >
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

deleting system restore 5
Is anyone experience like this? How did you removed this threat? 3
C:\System Volume Information - Access is denied 10
Trojan detected? 5
Virus scanner won't clean Win 32.Induc.A out of archive 1
How to Access file in Directory of /System Volume Information/ 2
Hidden Virus 3
What is a Runtime packed fsg threat? 2

Top